ITWissen.info - Tech know how online

ISO 2700x

Information security is characterized by a multitude of standards. The British Standard BS 7799 is one of them, as are the ISO standards ISO 17799 and ISO 13335. With the publication of the ISO 2700x series, the standards landscape becomes clearer, and established standards such as those just mentioned are consolidated under one series.

ISO certification for information security

With ISO certification of information security, the topic gains in standing, since an ISO certificate is widely accepted. In the long term, all security-relevant aspects are to be covered by the ISO 2700x series of standards. In addition, this series complements the ISO quality and environmental management standards ISO 9000 and ISO 14000.

ISO 27000 series of standards for information security

The current ISO 27000 draft standard defines the vocabulary used in the ISO 2700x series, which forms a comprehensive and clear set of rules for information security that can also be applied by SMEs.

The ISO 2700x series of standards

The ISO 2700x series of standards consists of ISO 27001, which defines the certification requirements for an information security management system (ISMS), and ISO 27002, which incorporates the former ISO 17799:2005 and serves as an implementation guide. ISO 27003 provides further implementation guidance, ISO 27004 defines the measurement systems for an ISMS, ISO 27005 describes risk management, ISO 27006 describes how institutions certify information security management systems, and ISO 27007 provides audit guidelines.

The series of standards is distinct from the national variant of the German Federal Office for Information Security (BSI) with the standards BSI-100-1, BSI-100-2, BSI-100-3,

ISO 27000, as a draft standard, contains the vocabulary used in the ISO 2700x series of standards.

ISO 27001 certificates for the audit process

ISO 27001:2005 was developed from ISO 17799 and BS 7799 and defines all functions related to the implementation and operation of security-related functions of an information security management system (ISMS) in organizations. This covers the introduction, operation and maintenance of the ISMS as well as the associated risks for the organization.

ISO 27002: The ISO 27002 standard is the renamed ISO 17799 standard and deals with control mechanisms in information security.

ISO 27003 provides guidance for the development and implementation of an Information Security Management System (ISMS).

ISO 27004 addresses information security measurement methods and metrics. It has not been published in its current form and will be after a revision.

ISO 27005 is the future standard for risk management and will be published later.

ISO 27006 elaborates the guidelines for accrediting organizations as certification bodies. Since the standard is to take into account the market-relevant requirements for good support of ISO 27001, the previous standard will be revised and replaced.

Updated at: 03.11.2013

All rights reserved DATACOM Buchverlag GmbH © 2024